REMARKS 



Claims 26-28 have been cancelled. Claims 2, 14, 16, and 23-25 have been amended to 
clarify the subject matter regarded as the invention. Claims 1-25 and 29-3 1 are pending. 

Claim Rejections under 35 U.S.C. §112, first paragraph 

The Examiner has rejected Claims 29-3 1 under 35 U.S.C. § 1 12, first paragraph. The 
rejections are respectfully traversed. 

Claim 29 recites: 

29. (Previously presented) The system of claim 1 wherein the 
processor is configured to calculate security consumption 
including by determining a monetary value associated with the 
damages avoided. 

Paragraph [0039] of the Specification states: 

[0039] In FIG 4, the existing countermeasure is a single network 
firewall. If the attack is not stopped by the firewall, it will 
be detected, logged and blocked by the Incident detector and 
blocker 210. The difference between all attacks sensed on the 
network perimeter and attacks actually stopped by Incident 
detector and blocker 210 is the bypass rate of the existing 
security countermeasures . This data indicates the contribution to 
risk reduction of the existing security countermeasures. 
Incorporating acquisition and operating costs, the Risk 
calculator 240 can produce return on investment metrics that 
allow the customer to compare the economic value of the various 
security countermeasures currently installed on the business 
organization network. [Emphasis added.] 

Support for Claim 29 may be found, without limitation, in the underlined portion 
indicated above. 

Claim 30 recites: 
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30. (Previously presented) The system of claim 1 wherein the 
processor is configured to determine one or more quantities at 
least in part by determining a first portion of damages avoided 
by a customer and by determining a second portion of damages 
avoided by a party other than the customer on behalf of the 
customer . 

Paragraphs [0038]-[0039] of the Specification state: 

[0038] In business organizations with existing security countermeasures 
installed system 300 is used to calculate the security value of the 
existing countermeasures. In this embodiment, system 200 is enhanced 
with Incident sensor 310 that is simply the Incident detector and 
blocker used in system 200 with the blocking disabled. Attacks 
originating on the Internet are first sensed and logged by the Incident 
sensor 310. The attack traffic is allowed to pass through the existing 
security countermeasures currently installed in the business 
organization . 

[0039] In FIG 4, the existing countermeasure is a single network 
firewall. If the attack is not stopped by the firewall, it will be 
detected, logged and blocked by the Incident detector and blocker 210. 
The difference between all attacks sensed on the network perimeter and 
attacks actually stopped by Incident detector and blocker 210 is the 
bypass rate of the existing security countermeasures. This data 
indicates the contribution to risk reduction of the existing security 
countermeasures. Incorporating acquisition and operating costs, the 
Risk calculator 240 can produce return on investment metrics that allow 
the customer to compare the economic value of the various security 
countermeasures currently installed on the business organization 
network. [Emphasis added.] 

Support for Claim 30 may be found, without limitation, in the underlined portion 
indicated above. 

Claim 31 recites: 

31. (Previously presented) The system of claim 1 wherein the processor 

is configured to determine one or more quantities at least in part by 

determining a count of the one or more blocked attacks. 
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Figure 3 is reproduced below: 
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Support for Claim 3 1 may be found, without limitation, in Figure 3 (e.g. various entries 
in the right column). 

Applicants respectfully request that the rejections of Claims 29-31 under 35 U.S.C. §1 12, 
first paragraph, be withdrawn accordingly. 

Claim Rejections under 35 U.S.C. §112, second paragraph 

Claims 16-21 were rejected by the Examiner under 35 U.S.C. §1 12, second paragraph. 
Claim 16 has been amended. Further, examples of corresponding structure may be found, 
without limitation, in Figure 1, and paragraphs [0027]-[0030] of the Specification. Applicants 
respectfully request that the rejections of Claims 16-21 under 35 U.S.C. §1 12, second paragraph, 
be withdrawn accordingly. 
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Claim Rejections - 35 U.S.C. §101 



Claim 10 has been amended in a manner that is believed to overcome the rejection of that 
claim under 35 U.S.C. § 101 . Accordingly, Applicants respectfully request that the rejections of 
Claims 10-14 under 35 U.S.C. §101 be withdrawn. 

The rejections of Claims 16 and 22 and corresponding dependent claims under 35 U.S.C. 
§101 are respectfully traversed. 

Contrary to the Examiner's apparent assertions on Page 2 and Page 6 of the new office 
action, Claim 16 recites an apparatus, not a process. An apparatus is statutory subject matter 
under 35 U.S.C. §101. 

As amended, Claim 22 recites a "computer program product embodied in a non-transitory 
computer-readable storage medium." Support for such a medium may be found, without 
limitation in Paragraph [0028] of the Specification, which states that a storage input device 170 
"such as a floppy disk drive or CD-ROM drive" accepts "computer program products" such as "a 
floppy disk or CD-ROM or other nonvolatile storage media that may be used to transport 
computer instructions." Further, while a propagated signal is mentioned in the Specification, a 
propagated signal is not a "non-transitory computer-readable storage medium" and is thus not 
claimed by Claim 22. 

Applicants respectfully request that the rejection of Claims 16 and 22 under 35 U.S.C. 
§101 and the rejections of their respective dependent claims be withdrawn accordingly. 

Claim Rejections - 35 U.S.C. §103(a) 

The Examiner has rejected Claims 1-27 under 35 U.S.C. § 103(a) as being unpatentable 
over Liang (U.S. Patent No. 7,062,553) in view of Takahashi (U.S. Publication 2003/0159064). 
The rejections are respectfully traversed. 

The Liang Reference 

Applicants filed a Notice of Appeal on June 23, 2010 along with a Pre- Appeal Brief 
Request for Review. In the request, Applicants asked that several different aspects of the 
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December 23, 2009 Final Office Action be reviewed. On August 27, 2010 a Notice of Panel 
Decision was mailed stating, in part, as follows: 

"4. Reopen Prosecution - A conference has been held. The 
rejection is withdrawn and a new Office action will be mailed." 
(Emphasis added by Applicant.) 

On Page 2 of the new Office action (the Office Action mailed November 12, 2010), the 
Examiner made the following statement: 

"2. A pplicants arguments filed June 28, 2010, under 35 USC 102, 
have been fully considered, and they are persuasive . However, upon 
further search and consideration, the new ground (s) of rejection is 
made in view of Takahashi (US 2003/0159064 Al) . (Emphasis added by 
Applicant . ) 

A summary of what was argued in Applicant's Remarks in Support of Pre-Appcal, 
regarding the rejection of the claims under 102 is as follows: 

Liang does not disclose determining "one or more quantities of 
damages avoided by one or more blocked attacks." [Page 3] 

Accordingly, based on the mailing of a new office action in response to the Applicant's 
Pre -Appeal Brief Request for Review, and based on the Examiner's statements regarding the 
persuasive nature of the Applicants arguments with respect to 35 USC 102, Applicants conclude 
that the Examiner concedes that Liang does not disclose determining "one or more 
quantities of damages avoided by one or more blocked attacks." 

On Page 7 of the new Office Action, the Examiner appears to take an internally 
inconsistent view with respect to what is disclosed in Liang: 

i. Liang teaches a system comprising: 

(1) a processor (column 4, line 29; column of Liang) ; and a 
memory, coupled to the processor, wherein the memory is 
configured to provide the processor with instructions (column 8, 
lines 38-44 of Liang) which when executed cause the processor to: 
determining one or more quantities of damages avoided by one or 
more blocked attacks (see Figure 4, element 1402 and Figure 5, 
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element 1502; column 2, line 66 through column 3, line 19 of 
Liang) ; and calculate security protection consumption during a 
period of time (see abstract; column 2, lines 34-44; column 11, 
lines 7-20 of Liang) . (Emphasis added by Applicant.) 

The Examiner thus appears to be asserting, in contradiction to the statement made in the 
Notice of Panel Decision and on Page 2 of the new office action, that Liang discloses 
determining "one or more quantities of damages avoided by one or more blocked attacks." 
Applicants respectfully request that in any future office actions the Examiner refrain from stating 
simultaneously that Liang both does and does not disclose that element. 

The Takahashi Reference 

On Page 7 of the new office action, the Examiner makes the following statements, in part, 
about the Takahashi reference: 

(2) determining the quantities of damages. 

Takahashi teaches . . . (2) in Figure 1, element 36, Figure 2, 
element S2, and Figure 3, element S15 of Takahashi. 

Applicants note at the outset that Claim 1 recites, in relevant part, "determining] one or 
more quantities of damages avoided by one or more blocked attacks." Claim 1 does not recite 
"determining the quantities of damages" as implied by the Examiner. 

Regarding what is disclosed by the portions of Takahashi cited by the Examiner: Figure 
1 element 36 depicts an "error quantity measurement unit." Figure 2 element S2 is a flow chart 
box that states "measurement of error quantity." Figure 3 element S15 of Takahashi is a flow 
chart box that states "does error quantity unusually increase?" 

None of the portions of Takahashi cited by the Examiner pertain to "determin[ing] one or 
more quantities of damages avoided by one or more blocked attacks," as recited in Claim 1 . 
In reviewing the text accompanying the descriptions of the three figure elements cited by the 
Examiner, it appears that element 36 of Takahashi is a module that evaluates a log file to 
conclude whether or not a "computer virus is being generated." [Takahashi, 0038.] Determining 
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that a computer virus is being generated is not the same as determining one or more quantities of 
damages avoided by one or more blocked attacks as is recited in Claim 1 . 

As neither Liang, or Takahashi, whether considered individually or in combination 
disclose all of the elements of Claim 1 , the Applicants respectfully submit that the Examiner has 
not made out a prima facie rejection of Claim 1 under 35 U.S.C. § 103(a). Applicants 
respectfully request that Claim 1 be allowed. Independent Claims 10, 16, and 22 recite 
limitations similar to Claim 1 and are therefore also believed to be allowable. 

Claims 2-9, 11-15, 17-21, 23-26, and 29-31 depend from one of the aforementioned 
independent claims and are believed to be allowable for the same reasons described above. 

The foregoing amendments are not to be taken as an admission of unpatentability of any 
of the claims prior to the amendments. 

Reconsideration of the application and allowance of all claims are respectfully requested 
based on the preceding remarks. If at any time the Examiner believes that an interview would be 
helpful, please contact the undersigned. 

Respectfully submitted, 

Dated: April 12. 2011 /Robvn Wagner/ 

Robyn Wagner 
Registration No. 50,575 
V 408-973-2596 
F 408-973-2595 

VAN PELT, YI & JAMES LLP 
10050 N. Foothill Blvd., Suite 200 
Cupertino, CA 95014 
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